[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN108809864B - Multi-line card high-density TAP switch based on FPGA - Google Patents

Multi-line card high-density TAP switch based on FPGA Download PDF

Info

Publication number
CN108809864B
CN108809864B CN201810617188.2A CN201810617188A CN108809864B CN 108809864 B CN108809864 B CN 108809864B CN 201810617188 A CN201810617188 A CN 201810617188A CN 108809864 B CN108809864 B CN 108809864B
Authority
CN
China
Prior art keywords
module
data stream
line card
data
protocol
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810617188.2A
Other languages
Chinese (zh)
Other versions
CN108809864A (en
Inventor
董继刚
吴恒奎
孙宏
王天罡
姜玥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 41 Institute
Original Assignee
CETC 41 Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 41 Institute filed Critical CETC 41 Institute
Priority to CN201810617188.2A priority Critical patent/CN108809864B/en
Publication of CN108809864A publication Critical patent/CN108809864A/en
Application granted granted Critical
Publication of CN108809864B publication Critical patent/CN108809864B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/10Packet switching elements characterised by the switching fabric construction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2475Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/30Peripheral units, e.g. input or output ports
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/35Switches specially adapted for specific applications
    • H04L49/351Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a multi-line card high-density TAP switch based on FPGA, which comprises a plurality of line card modules, a high-speed serial back plate, a main control module and a switching module; the line card module receives data streams of the network side interface, identifies protocol information of the data streams, sends the data streams of the network side interface to the exchange module, receives the data streams sent by the exchange module, and sends the processed data streams and the data streams uploaded by the exchange module to the tool side interface; the switching module realizes the exchange of data and control information between the line card modules and the main control module, identifies and processes the received data stream of the network side interface, and sends the processed data stream to the line card modules according to a TAP (test access port) switching strategy customized by a user; the main control module realizes the control and the state monitoring of the whole machine, issues control and configuration instructions to each line card module through the exchange module, and collects the state information of each line card module and the exchange module.

Description

Multi-line card high-density TAP switch based on FPGA
Technical Field
The invention relates to a multi-line card high-density TAP switch based on an FPGA.
Background
The TAP switch is also called as an ethernet splitter or a network monitoring switch, and is an ethernet network traffic intelligent processing device, and a port of the TAP switch can be set as a network side interface and a tool side interface, wherein the network side interface is used for acquiring original data on a network, and after the original data is processed by the TAP, the original data is sent to the tool side interface, and the tool side interface is used for connecting a network security tool. The TAP switch can perform functions of data copying, gathering, load balancing and the like under the condition of not interrupting normal flow of a network, and meanwhile, can perform filtering processing on the flow, and improves the compatibility and expandability of network safety tools. Therefore, the TAP switch is an important supporting device for acquiring network traffic and optimizing the performance of a network security tool in security solutions such as an IP network security monitoring system, an intrusion detection system, a mobile signaling analysis system, a content auditing system, and the like.
At present, the structures of TAP switches and the implementation methods thereof mainly include the following three types:
(1) as shown in fig. 1, the TAP switch implemented based on PHY chips acquires uplink and downlink data by using a cross structure between PHY chips in a back-to-back connection manner of ethernet PHY chips.
(2) As shown in fig. 2, the TAP Switch based on the NPU needs to work in conjunction with a Switch chip or a PHY chip, and simultaneously needs a DDR and other memories, and data is processed by the PHY chip and then sent to an NPU buffer, analyzed and processed by the NPU, and then sent to a designated tool side interface in the reverse direction.
(3) As shown in fig. 3, the TAP Switch implemented based on the Switch chip mainly includes a Switch chip, a main control module, and a PHY interface chip. The Switch chip utilizes the own store-and-forward structure to filter and process the data under the configuration of the main control module, and sends the data to the designated tool port.
The TAP switch constructed based on the PHY chip has single function, only the PHY interfaces with the same speed can transmit data, the data exchange among high-density ports cannot be realized, and the TAP switch is not suitable for the safety monitoring of large-scale high-density networks such as data centers and the like.
On one hand, the TAP switch realized based on the NPU has the disadvantages that the price of the high-performance NPU is expensive, so the TAP switch constructed based on the NPU has higher cost; on the other hand, because the data processing in the NPU adopts software processing, the forwarding and processing time delay is large, and the NPU is not easy to be accurately controlled, and cannot meet the requirement of low time delay in application scenarios such as finance, which have high requirements on real-time performance.
The TAP Switch realized based on Switch needs a high-performance Switch chip, but the processing speed and the analysis depth of network traffic are insufficient, and the Switch chip processes data in a link layer, a network layer and a transmission layer, so that deep identification and filtering processing cannot be performed on an application layer of network data flow.
In summary, in the prior art, the TAP switch is insufficient in port number and data processing depth, and cannot meet the security monitoring requirements of large-scale high-density networks such as data centers, and an effective solution is still lacking for how to increase the data processing depth of the TAP, increase the port number, and meet the application requirements of the high-density network.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides the multi-line-card high-density TAP switch based on the FPGA, the FPGA is adopted to construct the line card module, the identification and analysis of an application layer can be carried out on a data stream, and the data processing depth of the TAP is increased; in addition, interconnection and data exchange among a plurality of board cards are realized through the high-speed serial backplane and the Switch chip, the number of ports is increased, and the application requirement of a high-density network is met.
The technical scheme adopted by the invention is as follows:
a multi-line card high-density TAP exchanger based on FPGA comprises a plurality of line card modules, a high-speed serial back plate, a main control module and an exchange module; each line card module is respectively connected with an exchange module through a high-speed serial backplane, and the exchange module is connected with a main control module through the high-speed serial backplane;
the line card module is used for receiving the data stream of the network side interface, identifying the protocol information of the data stream, analyzing and processing the data stream, simultaneously sending the data stream of the network side interface to the exchange module, receiving the data stream sent by the exchange module, and sending the processed data stream and the data stream uploaded by the exchange module to the tool side interface;
the switching module is used for realizing the exchange of data and control information between the line card modules and the main control module, identifying and processing the received data stream of the network side interface, and sending the processed data stream to the line card modules according to a TAP (test access port) switching strategy customized by a user;
the main control module is used for controlling the whole machine and monitoring the state, issuing control and configuration instructions to each line card module through the exchange module, and collecting the state information of each line card module and the exchange module.
Further included is a power module configured to convert 220V AC to-48V DC to power other modules in the TAP switch.
Furthermore, the exchange module comprises a control exchange chip and a data exchange chip, wherein the control exchange chip is used for receiving an instruction of the main control module, controlling each line card module, monitoring the state information of each line card module and transmitting the state information to the main control module; the data exchange chip is used for receiving the network side interface data stream sent by the line card module, identifying and processing the network side interface data stream, and sending the processed data to the corresponding line card module according to a TAP (test access port) exchange strategy customized by a user.
Further, the line card module comprises a receiving control module, a protocol identification and processing module and a sending control module; the receiving control module receives a data stream of a network side interface and sends the data stream to the protocol identification and processing module; the protocol identification and processing module extracts each layer of protocol information of the data stream received from the network side interface or the exchange module according to a TCP/IP protocol, performs protocol identification on the data stream, acquires application layer information of the data stream, processes the data stream according to a pre-configured data processing strategy, transmits the data stream received from the network side interface to the exchange module or discards the data stream, and transmits the data stream received from the exchange module to the tool side interface or discards the data stream.
Further, the protocol information of each layer of the data stream includes MAC address, ethertype, protocol, IP address or port number information;
the application layer information comprises binary information of a load part in the message and application protocol type information used by the message.
Further, the protocol identification and processing module comprises a link layer identification and processing module, an IP layer identification and processing module, a transmission layer identification and processing module and an application layer identification and processing module;
the link layer identification and processing module is used for extracting information of a link layer protocol of a data stream according to a TCP/IP protocol, intercepting a two-layer data header of a message, analyzing a source/destination MAC address, an Ethernet type and a VLAN field, and comparing with a condition pre-configured by a user;
the IP layer identification and processing module is used for extracting the information of an IP layer protocol of a data stream according to a TCP/IP protocol, intercepting three layers of data headers of a message, analyzing the IP protocol, the DSCP/TOS and a source/destination IP address field, and comparing the three layers of data headers with the conditions pre-configured by a user;
the transmission layer identification and processing module is used for extracting the transmission layer protocol information of the data flow according to the TCP/IP protocol, intercepting the four-layer data header of the message, analyzing the source port number and the destination port number, and comparing the four-layer data header with the conditions pre-configured by the user;
the application layer identification and processing module is used for extracting the information of the application layer protocol of the data stream according to the TCP/IP protocol, intercepting the load part of the message, carrying out feature matching on the load part and identifying the application protocol of the data stream.
Furthermore, the line card module also comprises a policy management and control module, wherein the policy management and control module is used for managing the data processing policy and the state monitoring of the line card module, is connected with the main control module through a control exchange chip, receives the control and configuration instructions sent by the main control module, and sets the corresponding FPGA matching conditions according to the data forwarding policy.
Further, network interface modules are respectively arranged between the receiving control module and the network side interface and between the receiving control module and the tool side interface, the network interface modules comprise a physical layer processor and an MAC controller, and the physical layer processor adopts a PHY chip and is used for realizing serial-to-parallel/parallel-to-serial conversion, encoding and decoding of data streams; the MAC controller adopts an FPGA circuit and is used for realizing the linear speed sending and receiving of Ethernet frames.
Furthermore, the receiving control module and the sending control module respectively adopt a multi-level RAM structure.
Furthermore, the high-speed serial backplane comprises a high-speed serial data line for connecting the line card module and the switching module, and a bidirectional communication control line, a synchronous clock line or a state control signal line for connecting each module and the main control module.
Compared with the prior art, the invention has the beneficial effects that:
(1) the invention can realize the application identification of the network flow, improve the data processing capacity of the TAP switch and can identify the application layer information of the data flow;
(2) the invention realizes the interconnection of a plurality of line cards by utilizing the high-speed serial backplane and the line card module, solves the problem of insufficient TAP ports in a high-density network, can monitor the high-density network ports and is connected with more network security and analysis tools;
(3) the method realizes the MAC controller by utilizing the FPGA, solves the problems that the cache of the general MAC controller in the TAP switch is too small and the line speed processing at the speed of 10Gbps cannot be realized:
(4) the invention has high port density and stronger access capability, can monitor and shunt high-density networks such as a data center and the like, and supports more safety tools to work simultaneously.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application.
FIG. 1 is a diagram of a TAP switch architecture based on a PHY chip implementation;
FIG. 2 is a block diagram of an NPU-based TAP switch;
FIG. 3 is a diagram of a TAP Switch architecture based on Switch chip implementation;
FIG. 4 is a block diagram of a multi-line card high density TAP switch according to the present invention;
fig. 5 is a diagram of a line card module architecture.
Detailed Description
The invention is further described with reference to the following figures and examples.
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present application. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.
As introduced in the background art, the TAP Switch constructed based on the PHY chip in the prior art has the disadvantages that data exchange between high-density ports cannot be realized, and the Switch is not suitable for security monitoring of a large-scale high-density network such as a data center, the TAP Switch realized based on the NPU has the disadvantages that forwarding and processing time delay is large, accurate control is not easy, and the Switch cannot meet the requirement of low time delay in an application scenario with a high real-time requirement such as finance, and the Switch cannot perform deep recognition and filtering processing on an application layer of a network data stream.
As shown in fig. 4, an embodiment of the present invention provides a multi-line card high-density TAP switch based on an FPGA, where the switch is composed of five parts, namely a plurality of line card modules, a main control module, an exchange module, a power supply module, and a high-speed serial backplane, each line card module is connected to the exchange module through the high-speed serial backplane, and the exchange module is connected to the main control module through the high-speed serial backplane.
The power supply module mainly completes 220V alternating current power supply, after primary power supply processing and filtering, the power supply module supplies 48V direct current voltage to other modules in the whole machine, and each module changes 48V to working voltage required by each chip through DC/DC conversion.
The main control module mainly completes the functions of system initialization, task configuration, TAP data processing strategy management, state monitoring and the like, and is connected with each line card module and the exchange module through the high-speed serial backboard. The main control module is used for controlling the whole machine and monitoring the state, is connected with each line card module through the control exchange chip, issues control and configuration instructions including system initialization, task configuration, data processing strategies and other information through the control exchange chip, and collects the state information of each line card module and the exchange module.
The switching module mainly completes the decision of 2-4 layers of identification, filtration and flow ports of the network data flow. The module consists of a control exchange chip and a data exchange chip, wherein the control exchange chip is used for realizing the transmission of control and state monitoring information between the main control module and each line card. The data exchange chip is provided with a high-density high-speed port, receives data sent by the network side interface line card, and sends data streams to the line card where the corresponding tool side interface is located according to a user-customized TAP (test access port) exchange strategy after further processing.
The line card module mainly comprises an FPGA, a PHY interface chip and a micro control processor, and mainly completes the functions of receiving and sending network data and identifying and filtering each layer of protocol, and the functional composition structure is shown in figure 5 and comprises a network interface module, a receiving control module, a protocol identifying and processing module, a strategy management and control module, a sending control module and the like; the receiving control module receives data flow of a line card at a network side and sends the data flow to the protocol identification and processing module; the protocol identification and processing module extracts each layer of protocol information of a data stream received from a network side interface or an exchange module according to a TCP/IP protocol, performs protocol identification on the data stream, acquires application layer information of the data stream, determines a processing method of the data stream according to a pre-configured data processing strategy, transmits the data stream received from the network side interface to the exchange module or discards the data stream, and transmits the data stream received from the exchange module to a tool side interface or discards the data stream. The protocol information of each layer of the data stream comprises MAC address, Ethernet type, protocol, IP address or port number information; the application layer information comprises binary information of a load part in the message and application protocol type information used by the message.
In this embodiment, the network interface module is composed of two parts, namely physical layer processing and MAC control, and supports 10Gbps and 1Gbps interfaces, wherein the physical layer processing adopts a PHY chip, and the requirement of line speed processing at a gigabyte rate cannot be met because the internal FIFO buffer of the conventional MAC chip is small, so the invention adopts an FPGA circuit to construct the MAC controller; the physical layer processor adopts a PHY chip and is used for serial-to-parallel/parallel-to-serial conversion, coding, decoding and other functions of data streams; the MAC controller adopts an FPGA circuit and is used for realizing the linear speed sending and receiving of Ethernet frames.
In this embodiment, the receiving control module and the sending control module mainly complete buffering of data transmission and reception, and achieve full line-speed transmission and reception at a 10Gbps interface rate by using a multi-level RAM structure.
In this embodiment, the protocol identification and processing module extracts information of each layer of protocol of the data stream according to the TCP/IP protocol, including information such as MAC address, ethertype, protocol, IP address, and port number, and performs deep analysis and processing on the data stream to obtain application layer information of the data stream. The protocol identification and processing module can analyze and process the data flow in the network side inlet direction and the tool side outlet direction, and forms a three-level data identification and processing mechanism with the data flow identification in the exchange module.
The protocol identification and processing module comprises a link layer identification and processing module, an IP layer identification and processing module, a transmission layer identification and processing module and an application layer identification and processing module;
the link layer identification and processing module is used for extracting information of a link layer protocol of a data stream according to a TCP/IP protocol, intercepting a two-layer data header of a message, analyzing a source/destination MAC address, an Ethernet type and a VLAN field, and comparing with a condition pre-configured by a user;
the IP layer identification and processing module is used for extracting the information of an IP layer protocol of a data stream according to a TCP/IP protocol, intercepting three layers of data headers of a message, analyzing the IP protocol, the DSCP/TOS and a source/destination IP address field, and comparing the three layers of data headers with the conditions pre-configured by a user;
the transmission layer identification and processing module is used for extracting the transmission layer protocol information of the data flow according to the TCP/IP protocol, intercepting the four-layer data header of the message, analyzing the source port number and the destination port number, and comparing the four-layer data header with the conditions pre-configured by the user;
the application layer identification and processing module is used for extracting the information of the application layer protocol of the data stream according to the TCP/IP protocol, intercepting the load part of the message, carrying out feature matching on the load part and identifying the application protocol of the data stream.
In this embodiment, the policy management and control module is configured to manage data processing policies and status monitoring of the local line card, and is connected to the main control module through the control switch chip, receive control and configuration instructions sent by the main control module, and set corresponding FPGA matching conditions according to the data forwarding policies.
The high-speed serial backplane is used for bearing a plurality of line cards and realizing high-speed data communication in TAP (test access port) exchange, and comprises a high-speed serial data line connected between a line card module and an exchange module, a bidirectional communication control line, a synchronous clock line, other state control signal lines, a power supply, a ground line and the like, wherein each module is connected with a main control module.
The multi-line-card high-density TAP switch based on the FPGA can realize the application identification of network flow and improve the data processing capacity of the TAP switch; the interconnection of a plurality of line cards is realized by utilizing the high-speed serial backplane and the line card module, the problem of insufficient TAP ports in a high-density network is solved, the high-density network ports can be monitored, and more network security and analysis tools can be connected; the FPGA is used for realizing the MAC controller, and the problem that the line speed processing at the speed of 10Gbps cannot be realized due to undersize cache of the general MAC controller in the TAP switch is solved.
The multi-line card high-density TAP switch based on the FPGA has stronger data processing capacity and can identify the application layer information of a data stream; the port density is large, the access capability is stronger, and the monitoring and shunting of high-density networks such as a data center can be realized, so that more safety tools can work simultaneously.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, it is not intended to limit the scope of the present invention, and it should be understood by those skilled in the art that various modifications and variations can be made without inventive efforts by those skilled in the art based on the technical solution of the present invention.

Claims (10)

1. A multi-line card high-density TAP switch based on FPGA is characterized by comprising a plurality of line card modules, a high-speed serial back plate, a main control module and a switch module; each line card module is respectively connected with an exchange module through a high-speed serial backplane, and the exchange module is connected with a main control module through the high-speed serial backplane;
the line card module is used for receiving the data stream of the network side interface, identifying the protocol information of the data stream, analyzing and processing the data stream, simultaneously sending the data stream of the network side interface to the exchange module, receiving the data stream sent by the exchange module, and sending the processed data stream and the data stream uploaded by the exchange module to the tool side interface;
the switching module is used for realizing the exchange of data and control information between the line card modules and the main control module, identifying and processing the received data stream of the network side interface, and sending the processed data stream to the line card modules according to a TAP (test access port) switching strategy customized by a user;
the main control module is used for controlling the whole machine and monitoring the state, issuing control and configuration instructions to each line card module through the exchange module, and collecting the state information of each line card module and the exchange module.
2. The FPGA-based multi-wire-card high-density TAP switch of claim 1 further comprising a power module configured to convert 220V ac to-48V dc to power other modules within the TAP switch.
3. The multi-line-card high-density TAP switch of claim 1, wherein the switching module comprises a control switching chip and a data switching chip, the control switching chip is configured to receive an instruction from the main control module, control each line card module, monitor status information of each line card module, and transmit the status information to the main control module; the data exchange chip is used for receiving the network side interface data stream sent by the line card module, identifying and processing the network side interface data stream, and sending the processed data to the corresponding line card module according to a TAP (test access port) exchange strategy customized by a user.
4. The FPGA-based multi-line card high density TAP switch of claim 1 wherein said line card modules comprise a receive control module, a protocol identification and processing module, and a transmit control module; the receiving control module receives a data stream of a network side interface and sends the data stream to the protocol identification and processing module; the protocol identification and processing module extracts each layer of protocol information of the data stream received from the network side interface or the exchange module according to a TCP/IP protocol, performs protocol identification on the data stream, acquires application layer information of the data stream, processes the data stream according to a pre-configured data processing strategy, transmits the data stream received from the network side interface to the exchange module or discards the data stream, and transmits the data stream received from the exchange module to the tool side interface or discards the data stream.
5. The FPGA-based multi-line-card high-density TAP switch of claim 4, wherein each layer of protocol information of the data stream comprises MAC address, Ether type, protocol, IP address, or port number information;
the application layer information comprises binary information of a load part in the message and application protocol type information used by the message.
6. The FPGA-based multi-wire-card high-density TAP switch of claim 4, wherein the protocol identification and processing module comprises a link layer identification and processing module, an IP layer identification and processing module, a transport layer identification and processing module, and an application layer identification and processing module;
the link layer identification and processing module is used for extracting information of a link layer protocol of a data stream according to a TCP/IP protocol, intercepting a two-layer data header of a message, analyzing a source/destination MAC address, an Ethernet type and a VLAN field, and comparing with a condition pre-configured by a user;
the IP layer identification and processing module is used for extracting the information of an IP layer protocol of a data stream according to a TCP/IP protocol, intercepting three layers of data headers of a message, analyzing the IP protocol, the DSCP/TOS and a source/destination IP address field, and comparing the three layers of data headers with the conditions pre-configured by a user;
the transmission layer identification and processing module is used for extracting the transmission layer protocol information of the data flow according to the TCP/IP protocol, intercepting the four-layer data header of the message, analyzing the source port number and the destination port number, and comparing the four-layer data header with the conditions pre-configured by the user;
the application layer identification and processing module is used for extracting the information of the application layer protocol of the data stream according to the TCP/IP protocol, intercepting the load part of the message, carrying out feature matching on the load part and identifying the application protocol of the data stream.
7. The multi-line card high-density TAP switch of claim 4, wherein the line card module further comprises a policy management and control module, the policy management and control module is used for managing data processing policies and status monitoring of the line card module, is connected with the main control module through the switching module, receives control and configuration instructions sent by the main control module, and sets corresponding FPGA matching conditions according to data forwarding policies.
8. The multi-line-card high-density TAP switch of claim 4, wherein a network interface module is respectively disposed between the receiving control module and the network side interface and between the receiving control module and the tool side interface, the network interface module comprises a physical layer processor and a MAC controller, the physical layer processor adopts a PHY chip for implementing serial-to-parallel/parallel-to-serial conversion, encoding and decoding of data streams; the MAC controller adopts an FPGA circuit and is used for realizing the linear speed sending and receiving of Ethernet frames.
9. The multi-line-card high-density TAP switch of claim 4, wherein the receive control module and the transmit control module each employ a multi-level RAM architecture.
10. The FPGA-based multi-line card high density TAP switch of claim 1 wherein the high speed serial backplane comprises high speed serial data lines for connection of the line card modules to the switching module and bi-directional communication control lines, synchronous clock lines or status control signal lines for connection of each module to the main control module.
CN201810617188.2A 2018-06-15 2018-06-15 Multi-line card high-density TAP switch based on FPGA Active CN108809864B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810617188.2A CN108809864B (en) 2018-06-15 2018-06-15 Multi-line card high-density TAP switch based on FPGA

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810617188.2A CN108809864B (en) 2018-06-15 2018-06-15 Multi-line card high-density TAP switch based on FPGA

Publications (2)

Publication Number Publication Date
CN108809864A CN108809864A (en) 2018-11-13
CN108809864B true CN108809864B (en) 2020-09-01

Family

ID=64086387

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810617188.2A Active CN108809864B (en) 2018-06-15 2018-06-15 Multi-line card high-density TAP switch based on FPGA

Country Status (1)

Country Link
CN (1) CN108809864B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021146964A1 (en) * 2020-01-21 2021-07-29 华为技术有限公司 Switch element and switch apparatus
CN111277519A (en) * 2020-02-21 2020-06-12 苏州浪潮智能科技有限公司 Exchange chip extension system and switch
CN111797371A (en) * 2020-06-16 2020-10-20 北京京投信安科技发展有限公司 Switch encryption system
CN112187678A (en) * 2020-09-22 2021-01-05 锐捷网络股份有限公司 Backup method and device for line card state information
CN114679634B (en) * 2020-12-24 2024-10-01 广州视源电子科技股份有限公司 Control system of interaction panel and interaction panel
CN113132382B (en) * 2021-04-19 2022-09-02 中文出版集团有限公司 Intelligent computer network information safety controller
CN114384849A (en) * 2022-01-17 2022-04-22 杭州和利时自动化有限公司 Safety instrument system
CN117271434B (en) * 2023-11-15 2024-02-09 成都维德青云电子有限公司 On-site programmable system-in-chip
CN118138402B (en) * 2024-03-12 2024-10-29 铵泰克(北京)科技有限公司 VLAN division-based high-speed Switch chip network card function realization system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101335685A (en) * 2007-06-27 2008-12-31 上海博达数据通信有限公司 Method implementing priority process of special packet by redirecting technique
CN103747068A (en) * 2013-12-27 2014-04-23 珠海市佳讯实业有限公司 System for implementing TAP equipment function based on FPGA (Field Programmable Gate Array)
WO2018080898A1 (en) * 2016-10-25 2018-05-03 Extreme Networks, Inc. Near-uniform load balancing in a visibility network via usage prediction
US9967150B2 (en) * 2014-04-30 2018-05-08 Keysight Technologies Singapore (Holdings) Pte. Ltd. Methods and apparatuses for implementing network visibility infrastructure

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101335685A (en) * 2007-06-27 2008-12-31 上海博达数据通信有限公司 Method implementing priority process of special packet by redirecting technique
CN103747068A (en) * 2013-12-27 2014-04-23 珠海市佳讯实业有限公司 System for implementing TAP equipment function based on FPGA (Field Programmable Gate Array)
US9967150B2 (en) * 2014-04-30 2018-05-08 Keysight Technologies Singapore (Holdings) Pte. Ltd. Methods and apparatuses for implementing network visibility infrastructure
WO2018080898A1 (en) * 2016-10-25 2018-05-03 Extreme Networks, Inc. Near-uniform load balancing in a visibility network via usage prediction

Also Published As

Publication number Publication date
CN108809864A (en) 2018-11-13

Similar Documents

Publication Publication Date Title
CN108809864B (en) Multi-line card high-density TAP switch based on FPGA
US8687491B2 (en) Systems, apparatus, and methods for managing an overflow of data packets received by a switch
TWI654857B (en) Buffer scheduling method for traffic exchange
US7898984B2 (en) Enhanced communication network tap port aggregator arrangement and methods thereof
CN201100949Y (en) Network device
CN106712899B (en) Port rate adjusting method and device
JP2000269997A (en) Lan repeating exchange device
EP1471705A1 (en) A means and control method for adapting different media of transmission link of network on physical layer.
CN112751788B (en) Double-plane switching method supporting multi-type frame mixed transmission
CN102438121A (en) Data transmission method, system and serial high-speed input/output port gateway equipment
CN103731316B (en) A kind of flow-monitoring device and method
CN100512225C (en) Device and method for realizing fluid control information transfer
CN102223273A (en) Digital sensing network and communication method
CN103297284B (en) A kind of system and method for Multi net voting monitoring
JP2008211569A (en) Frame transfer device
CN101854402B (en) Interface conversion device and stream control implementing method
CN109992550A (en) Polymorphic type information processing unit and method based on cpci bus
CN100596354C (en) Network access equipment and its data forwarding method
CN104270341B (en) Data protocol repeater system in ip ran and method
CN107070810A (en) A kind of data transmission method, apparatus and system
CN1472928A (en) Method and device for realizing virtual local network transmission on Ethernet exchange
CN101296189A (en) Distributed stream processing network appliance and packet transmission method thereof
CN219659726U (en) Optical communication device for monitoring 10G service data
CN219395053U (en) 5G intelligent edge terminal supporting TSN network
CN100446499C (en) Protecting inversion method and inversor

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant